Fix: password change should update session user data

helpers/auth.php

@@ -41,6 +41,15 @@
       }
     }
 
+    /**
+     * Update user instance stored in session
+     */
+    public function updateSession() {
+      if ($this->isAuthenticated()) {
+        $this->user->storeInSession();
+      }
+    }
+
     /**
      * Is user authenticated
      *

helpers/user.php

@@ -140,6 +140,7 @@
           $stmt = self::db()->prepare($query);
           $stmt->execute([ $hash, $this->login ]);
           $ret = true;
+          $this->hash = $hash;
         } catch (PDOException $e) {
           // TODO: handle exception
           syslog(LOG_ERR, $e->getMessage());

utils/changepass.php

@@ -54,7 +54,7 @@
   if ($passUser->setPass($pass) === false) {
     uUtils::exitWithError("Server error");
   }
-
+  $auth->updateSession();
   uUtils::exitWithSuccess();
 
 ?>